CVE-2021-44234: 
SAP Business One vulnerability analysis and mitigation

SAP Business One version 10.0 contains a vulnerability where extended logs store sensitive information that could provide valuable guidance to attackers or expose sensitive user information (NVD, CVE). The vulnerability was discovered and disclosed in January 2022.

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates local access is required, low attack complexity, low privileges required, no user interaction needed, unchanged scope, high confidentiality impact, and no impact on integrity or availability (NVD). The vulnerability is classified under CWE-532 (Insertion of Sensitive Information into Log File).

The vulnerability primarily affects the confidentiality of information, as sensitive data stored in the extended logs could be exposed to attackers. The exposed information could provide valuable guidance for further attacks or compromise user privacy (NVD).

SAP has released security notes and patches to address this vulnerability. Users should refer to SAP Security Note 3106528 for detailed mitigation instructions (SAP Note).